Bug 1814541 (CVE-2020-1763)
| Summary: | CVE-2020-1763 libreswan: DoS attack via malicious IKEv1 informational exchange message | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | jaster, pvrabec, pwouters, sahana, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | libreswan 3.32 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan. An unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-05-12 10:33:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1813392, 1814933, 1814934, 1814935, 1829668, 1834594, 1834595 | ||
| Bug Blocks: | 1813909 | ||
|
Description
Dhananjay Arunesh
2020-03-18 07:45:10 UTC
As per upstream (https://bugzilla.redhat.com/show_bug.cgi?id=1813329#c2): offending upstream commit: fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 is the first bad commit commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 Author: D. Hugh Redelmeier <hugh> Date: Wed Sep 19 12:51:01 2018 -0400 pluto: ikev1.c: when rejecting an unexpected payload, log the state name programs/pluto/ikev1.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Acknowledgments: Name: Paul Wouters (Red Hat) Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. External References: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt Created libreswan tracking bugs for this issue: Affects: epel-6 [bug 1834595] Affects: fedora-all [bug 1834594] Statement: This flaw does not affect the version of libreswan shipped with Red Hat Enterprise Linux 6 and 7 because they did not ship the vulnerable code. (The offending commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 and others was introduced in libreswan-3.27) Upstream patch: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2069 https://access.redhat.com/errata/RHSA-2020:2069 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2071 https://access.redhat.com/errata/RHSA-2020:2071 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2070 https://access.redhat.com/errata/RHSA-2020:2070 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1763 *** Bug 1813392 has been marked as a duplicate of this bug. *** |